Cloud Fortified: what the badge means when you install a Jira app

Cloud Fortified is Atlassian's highest trust tier for Marketplace apps: security, reliability, and support audited on an ongoing basis. What it covers.

7 min read
Abstract glowing cloud server illustration, Cloud Fortified badge for Jira apps

When you add a third-party app to Jira, you are handing it a seat inside the system your team runs on every day. It reads your issues, it may write to them, and it lives next to your most sensitive project data. That is a lot of trust to extend to a logo in a Marketplace listing. Atlassian created the Cloud Fortified program to make that trust measurable, and Process Templates for Jira carries the badge.

This post explains what Cloud Fortified actually attests to, why it is harder to earn than a normal Marketplace approval, and what it changes for the teams who install our app.

What Cloud Fortified actually is

Cloud Fortified is a designation Atlassian grants to Marketplace Cloud apps that meet an elevated, audited bar across three areas: reliability, security, and support. It is not a marketing label you can request. An app has to demonstrate, on an ongoing basis, that it operates the way enterprise customers expect their own software to operate. On the Marketplace listing, the badge appears next to the app name as the current trust signal Atlassian surfaces.

The important word there is ongoing. A normal Marketplace approval is a point-in-time check. Cloud Fortified status has to be maintained: Atlassian keeps watching the app’s incident response, its security posture, and its support commitments, and the badge can be lost if those slip. So when you see it on a listing, you are looking at a current state, not a one-time certificate from years ago.

Cloud Fortified is the only formal certification we claim. We do not hold SOC 2 or ISO 27001, and we are not going to imply that we do. What we can point to is the attested Atlassian program, plus the platform our app is built on.

Why reliability, security, and support matter, not just in theory

Before the specific requirements, it is worth being honest about why these three things matter. They are not abstract virtues; they are the categories where a bad app actually hurts you.

  • Data integrity and protection. Your Jira instance holds operational data, customer records inside service-desk tickets, and sometimes regulated information. An app with weak security turns a vendor’s mistake into your breach, with the monetary, regulatory, and reputational fallout landing on you.
  • Uptime and performance. An app that hangs the create-issue screen or stalls a dashboard does not just annoy people. It slows the daily work of every team that depends on it, and that cost compounds across hundreds of users.
  • Trust and confidence. Teams adopt a tool faster when they are not bracing for it to break. Stability is what lets people build the app into their routine instead of working around it.
  • Support availability. Every app eventually has a problem. What separates a good vendor is short time-to-resolution, clear documentation, and a real channel to reach a human. You can see how we handle that on our support page.

Cloud Fortified exists because Atlassian wants the apps in its Marketplace to be the kind that score well on all four of those, not just the first one a customer happens to check.

The reliability pillar

The reliability side of Cloud Fortified is about behavior under stress, not behavior on a good day.

Apps in the program commit to incident management practices: detecting problems, communicating about them, and resolving them within defined expectations. The program also sets a concrete reliability bar, a 99.9% uptime target that Atlassian holds Cloud Fortified apps to, so the commitment is a number rather than a promise. For an app like ours that touches the create-issue flow, that matters, because a reliability problem there is visible to every user the moment they try to raise a ticket.

A large part of how we meet this is architectural. Process Templates for Jira is built on Atlassian Forge, Atlassian’s own serverless platform, so the parts of the app that plug into Jira’s create-issue flow run inside Atlassian’s infrastructure. Template data is held on a dedicated backend we run on managed DigitalOcean infrastructure in the EU, monitored and maintained to the uptime bar the programme sets.

The security pillar

Security is where Cloud Fortified asks the most. The program expects apps to follow Atlassian’s security requirements, participate in vulnerability disclosure and bug bounty expectations, and handle data responsibly. In practice that means enrolment in the Atlassian Marketplace Bug Bounty Program, so independent researchers continuously probe the app for vulnerabilities through Bugcrowd and reported issues are resolved within defined timelines.

Forge does a lot of the heavy lifting here too. A few specifics matter for how data is handled:

  • Template data is stored on a dedicated backend we host with DigitalOcean in EU data centres (Frankfurt).
  • We store no personal data. The templates and variables you create are configuration, not customer records.
  • The permission model is explicit. Forge apps declare their scopes up front, and you can see exactly what the app is allowed to touch.

On top of the platform, the app gives you its own controls. You decide who can create and manage templates with project-level and global permission management, so template administration stays in the right hands. If you want the full picture, our privacy and security guide lays out where data lives and how access works.

The support pillar

The third pillar is support, and it is the one customers feel most directly. Cloud Fortified apps are expected to meet response-time commitments and to maintain real documentation, not a stub. The programme sets a concrete standard here: a response to critical and high-severity issues within 24 hours, five days a week. Buyers want to know the bar, not just that one exists.

We back the app with a complete set of guides rather than a single FAQ. New admins can start with getting started and move through creating issue templates and using templates at their own pace. There are deeper articles for the parts people ask about most, like creating variables in templates and preserving the links between issues, so support requests can often be answered before they are even sent.

What the badge means at procurement time

Practically, the badge is a shortcut through a procurement question. If your organization has a review process for new Marketplace apps, Cloud Fortified status is the kind of signal that review is looking for: it says an independent party, Atlassian itself, holds the vendor to an elevated and continuously monitored standard. Atlassian’s own enterprise sales teams treat Cloud Fortified status as a trust signal during procurement reviews, so it is not just a vendor claim you are asking a security team to take on faith.

For everyone else, it is a quieter reassurance. The app that helps you turn a repeatable issue into a reusable template is held to the same operational expectations as the platform it plugs into. You get the convenience without trading away reliability, security, or support to get it.

Try it free

The fastest way to judge an app is to use it. Process Templates for Jira is free for up to 10 users, and beyond that it is 0.50 USD per user per month through the Marketplace, with a 30-day free trial and no credit card required. You can see the full breakdown, including volume discounts, on our pricing page.

If you want the security programme in more detail, our explainer on the Cloud Security Participant badge covers the bug bounty programme and vulnerability-disclosure process. Note that Atlassian retired that badge in March 2026, but the underlying security practices it required remain in place.

Install Process Templates for Jira from the Atlassian Marketplace and see how the Cloud Fortified standard feels in practice. If you want to know what it can do first, the features overview is a good next stop.

Frequently asked questions

What is the Cloud Fortified badge on Atlassian Marketplace?
It is Atlassian's highest trust tier for Cloud apps. To carry it, an app has to meet ongoing audited standards for security, reliability (a 99.9% uptime commitment), and support response times, reviewed on a continuing basis rather than once.
Does Process Templates for Jira hold SOC 2 or ISO 27001?
No. The app is Cloud Fortified, which is Atlassian's own programme, and it is built on Atlassian Forge. We do not claim third-party certifications we do not hold.

Found this helpful? Share it.

Ready to template Jira tickets?

Install Process Templates for Jira from the Atlassian Marketplace. Free up to 10 users, 30-day trial above that.